At Bitcoin2014, Gavin Andresen proclaimed 2014 to be the year of multisig. Putting debate over whether this prediction came to fruition aside, continue reading to learn more about multisig technology.
What are multisignature addresses?
Multisignature addresses (or multisigs) are addresses that allow more than one signature to spend the funds. Oftentimes multiple signatures are required in conjunction. The acceptable signatures and number required is determined upon creation of the address. The most common case accepts three signatures and requires two of the three to initiate a transaction.
More technically, multisigs are one special use case of Pay To Script Hash (P2SH) transactions. P2SH was introduced to allow for scripts to regulate the redemption conditions of funds. Regulating how outgoing funds can be redeemed -- instead of regulating incoming funds sent to an address -- makes it easier to introduce these addresses. Sending funds to a multisig address works exactly the same as any other address.
From the outside, multisigs are only different from regular addresses in that they start with a 3. Multisig addresses are not fully contained in a wallet.dat file. They are created using several regular addresses whose private keys never have to exist in the same place. Therefore, multisigs normally occur in the blockchain, but not inside a single wallet instance. They are managed using the regular addresses used to create them and a redemption script. You need to have backups of the creation address private keys, but not of the multisig. In fact there is no private key.
Reasons to use multisigs
The main reason to use multisigs is security. An attacker would need to gain control over more than one signature to steal funds, making theft more difficult. Some people use multisigs to require their signature from two different devices they control, eliminating the risk of their funds being stolen if only one device is compromised.
Another very important use case is for funds that belong to organizations or groups of individuals. If the multisig requires more than one signature and the allowed signatures are distributed between different people, no single person can misuse or lose access to funds. This is something we've seen many times in crypto, so a wider adoption of multisigs would help strengthen the ecosystem. Multisigs should be standard in any organization that holds funds on behalf of other people. They are easier to work with than commonly assumed, so there is really no excuse. For the recently launched Darkcoin Foundation (disclaimer: I’m in the board of directors), we receive funds to a multisig address that everyone can check. Members love it because they know that we take their funds seriously.
The number of wallets and services that offer multisigs has increased over the last few months. However, they are not used as much as they could be. One reason could be that many times multisigs are mixed with cold storage or other features like timelocks, making them more complex and scaring people off.
I'm not a huge supporter of online wallets, but some offer nice multisig features. However, the reason to go multisig is more security, which I don't believe can be fully obtained if you have to trust or rely on third parties. Even if third parties don't store your private keys on their servers (usually they store them in a browser extension), I would rather manage my funds using a local wallet. I prefer not to depend on third parties whose services may become unavailable in future. Call me old fashioned!
Anyway, if you want to explore the third-party route, there are a few promising services. I've heard great reviews of Coinb.in, onchain.io, copay.io, and greenaddress.it, and there are probably more worth considering. For some use cases, these services may be perfectly fine, so don't discard them just because I prefer other options.
As for local wallets, the only one that really excels in multisigs is Armory. It manages multisigs from the GUI (in the expert user setup) and also offers cold storage for offline computers. It is an amazing product, but it is huge (30 GB of hard disk space, additional to the 29 GB for the Bitcoin blockchain) and most people won't need so many features.
If you don't want to use Armory, the other option is to use the command line/console in other wallets. Both Electrum and Bitcoin Core are capable enough. This option seems more complex, but once you get used, it is not that bad.
Clearly, there is yet a lot of work to be done in this space. However, that shouldn't be an excuse to not use multisigs. With some work, you don't need special wallets or services. As I mentioned before, at the Darkcoin Foundation we use multisigs, and we manage them with Darkcoin Core and Bitcoin Core without any problems.
An example for Darkcoin Core and Bitcoin Core wallets
Setting up a multisig address is super easy with Qt wallets. Receiving funds works exactly as it does when receiving them in a regular address. Spending is a bit trickier, but it can be easily mastered. It will take 30 minutes the first time and 5 once you are used to it.
This is probably not the place for a super detailed step-by-step guide, so I'll just give the basic instructions and hints. I'll add some screenshots and links from an example address and transactions done with Darkcoin Core. Darkcoin is the coin I use most, but Bitcoin multisigs work exactly the same in Bitcoin Core. If you want the super detailed step by step process, you can check the one I wrote in Darkcoin's wiki with this same example address.
You need the addresses that you are going to use to sign in the multisig. For a simple 2 of 3 multisig, you need the three addresses' public keys.
To get the public key you can use the command validateaddress. It is also a good idea to get the private key and keep it somewhere safe.
With the three public keys and the command createmultisig, you create the multisig address and get the redemption script. Anyone can do this, the result will be the same if the order of the public keys is the same.
As I said, sending to a multisig address is exactly the same as with regular addresses and transactions look the same. The only difference is that multisigs start with a 3. There are still some services out there that don't recognize multisig addresses as valid, but they are few. If you encounter any problem sending, you'll have to move the funds somewhere else and send from there. You should also report the problem to the developers of that service/wallet. If they don't adapt, you should really consider switching!
Spending is the reason d'etre for multisigs. You'll need as many signatures as defined when creating the address with the createmultisig command in step 1.
The particularity is that you need to create the transaction manually. Besides the address to pay and the amount, you'll need to tell the wallet what inputs to use, what miners fee to pay (very important to avoid having the transaction stuck or paying a huge fee) and where to send the change (usually, back to the multisig). After that, the transaction needs to be signed and sent to the network.
This is done in several steps:
- Create the transaction with the createrawtransaction command
- Sign the transaction with the signrawtransaction command
- Send the data to the next signatory
- Next signatory/ies signs the transaction
- Last signatory broadcasts the transaction to the network with the sendrawtransaction command
To do all this, you will need some information on the outputs received by the multisig. You can get all of it with the listunspent (or a blockchain explorer) and getrawtransacion commands. To sign the transaction each signatory will use the private key of the address used to create the multisig. Never, never, never share your private keys. The private keys in the screenshot below are shown to illustrate the example, and I will never use that address again.
As I said, it may not be straightforward, but it is not extremely difficult. With some work and a text editor (you'll be using long text strings, so it is better to work in a text editor and paste the commands in the console/command line) anybody can master this method. If you are proficient enough you could also write some scripts to automate most of the steps. In fact, there are several scripts already available, but I recommend to only do what you can understand.
If you combine the power of multisigs with timelocks the possibilities are even bigger, but I'll leave that for another article.